Abstract

We use bright light to control an actively-quenched avalanche single-photon detector. Actively-quenched detectors are commonly used for quantum key distribution (QKD) in the visible and near-infrared range. This study shows that these detectors are controllable by the same attack used to hack passively-quenched and gated detectors. This demonstrates the generality of our attack and its possible applicability to eavesdropping on the full secret key of all QKD systems using avalanche photodiodes (APDs). Moreover, the commercial detector model we tested (PerkinElmer SPCM-AQR) exhibits two new blinding mechanisms in addition to the previously observed thermal blinding of the APD, namely: malfunctioning of the bias voltage control circuit, and overload of the DC/DC converter biasing the APD. These two new technical loopholes, found in just one detector model, suggest that this problem must be solved in general, by incorporating generally imperfect detectors into the security proof for QKD.

Figures (6)

Intercept-resend (faked-state) attack Eve could launch against a QKD system which runs a four-state protocol with polarization coding and passive choice of basis [21–24]. In the example, Eve targets the detector recording vertically polarized qubits in the horizontal/vertical (H/V) basis. We assume here that detectors click controllably when illuminated by an optical pulse with peak power ≥ Pth, and that they are blind (or kept blind) at power ≤ Pth/2 (characteristics of the ‘blinding generator’ potentially needed to bring detectors in this working mode will be described later). To address the target detector, Eve sends a faked state with V polarization and power 2Pth, thus the V detector receives power Pth after basis choice, and clicks. The detectors recording polarized qubits in the conjugate (45°-rotated, D/A) basis each receive a pulse of power Pth/2, and thus remain blinded. In the diagram: BS, 50:50% beamsplitter; PBS, polarizing beamsplitter; HWP, half-wave plate rotated 22.5°.

Oscillogram at the detector output (lower trace) when illuminated by bright optical pulses (upper trace) consisting of control pulses (808nm, 8mW, 50ns wide, 800kHz repetition rate) that blind the detector, and of weaker trigger pulses (8ns wide). The trigger pulses make the detector click with unity probability and sub-nanosecond time jitter only above a certain power threshold. In the example, the detector always clicks for trigger pulses of Pth = 2.88mW peak power and never clicks at ≤2.49mW.
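The power budget from the faked-state caption, checked against the two thresholds quoted in the oscillogram caption, as an added example that is not code from the paper. The ideal Malus's-law receiver model and all function names are assumptions, and the 1.0 mW never-click level in the last case is a constructed value.

```python
import math

# Linear polarization angle (degrees) that each detector projects onto.
# Assumed model: the 50:50 BS halves the power, then each arm's optics
# (PBS, or HWP at 22.5 deg + PBS) act as an ideal projector (Malus's law).
DETECTOR_ANGLE = {"H": 0.0, "V": 90.0, "D": 45.0, "A": 135.0}

def detector_powers(pol, peak_power):
    """Peak power reaching each detector for a linearly polarized pulse."""
    theta = math.radians(DETECTOR_ANGLE[pol])
    arm = peak_power / 2.0  # passive basis choice at the beamsplitter
    return {det: arm * math.cos(theta - math.radians(phi)) ** 2
            for det, phi in DETECTOR_ANGLE.items()}

def click_pattern(pol, peak_power, p_always, p_never):
    """Classify each detector: 'click' at >= p_always, 'blind' at <= p_never,
    'uncertain' in the gap between the two thresholds."""
    pattern = {}
    for det, p in detector_powers(pol, peak_power).items():
        if p >= p_always:
            pattern[det] = "click"
        elif p <= p_never:
            pattern[det] = "blind"
        else:
            pattern[det] = "uncertain"
    return pattern

P_ALWAYS = 2.88  # mW, always clicks (oscillogram caption)
P_NEVER = 2.49   # mW, never clicks at or below this (oscillogram caption)

if __name__ == "__main__":
    # Measured thresholds: only the addressed detector responds.
    for pol in DETECTOR_ANGLE:
        print(pol, click_pattern(pol, 2 * P_ALWAYS, P_ALWAYS, P_NEVER))
    # Constructed detector whose never-click level (1.0 mW) lies below Pth/2:
    # the conjugate-basis detectors fall in the gap, so the caption's
    # assumption "blind at <= Pth/2" no longer holds.
    print(click_pattern("V", 2 * P_ALWAYS, P_ALWAYS, 1.0))
```

With the measured thresholds the conjugate-basis detectors receive 1.44mW, well inside the never-click region; the model shows that the deterministic click pattern depends on the gap between the two thresholds being narrower than a factor of two.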

Detector blinding: (a) APD bias voltage vs. frequency and peak optical power Pcontrol of rectangular 50ns wide input optical pulses. Normal bias voltage at low count rate for this detector sample is 410V (the other detector sample we tested had bias voltage of 350V). Filled symbols denote pulse parameters at which the detector got completely blind between the control pulses. (b) Parameters in the circuit vs. frequency of optical pulses with peak power Pcontrol = 8mW. Behavior of these parameters reveals three blinding mechanisms summarized over the top of the chart. The middle chart shows static voltage difference between the inputs of opamp, controlling the APD bias voltage (as similarity of the two top charts confirms). The lower chart shows current of the thermoelectric cooler (TEC) and the temperature of the APD as measured by a thermistor mounted nearby at the cold plate of the TEC.

Simplified reverse-engineered circuit diagram of PerkinElmer SPCM-AQR module. In normal operation, the cathode of the APD (superlow-k (SliK) type [37]) is biased at a constant high voltage, stabilized by a feedback loop containing an opamp U7.1 (Texas Instruments TLC2262), field-effect transistor Q11 and high-voltage DC/DC converter module U6 (EMCO custom model no. 9546). The anode of the APD is connected to a detection and quenching circuit (DQC). The DQC senses charge flowing through the APD during the avalanche, then briefly connects the APD anode to +30V to lower the voltage across the APD below breakdown and quench the avalanche. The APD anode voltage is subsequently reset to 0V, and the detector becomes ready for the next avalanche. (Note: the circuit diagram has been greatly simplified for the paper; do not use this figure for attempting detector repair or modification.)

APD package decapsulated: the cover and fibre coupling optics have been cut off. The dark dot in the center of the APD is its photosensitive area. The APD and thermistor are mounted on the cold plate of a two-stage thermoelectric cooler (TEC). In the assembled detector, the package base is in thermal contact with an aluminum detector outer case serving as a heatsink.

Comparison of thermal blinding characteristics of the PerkinElmer SPCM-AQR detector (a) to the ones reported for ID Quantique’s Clavis2 commercial QKD system [11] (b). Filled symbols denote regime in which the detector got completely blind between the control pulses. For the SPCM-AQR, characteristics at Pcontrol = 1mW are shown, because at this power thermal blinding is the only blinding mechanism.